<?php
//dochangeusertype.php
//Changes user type from admin to user or user to admin

require_once("../functions.php");
require_once("../database.php");

session_start();
if(!user_admin()){
  header('location: ../index.php');
  exit;
}

if($_GET && isset($_GET['id']) && isset($_GET['new'])){

  $safe_id = sql_escape($_GET['id']);
  if(is_numeric($safe_id)){
  
    $safer_id = (int) $safe_id;
    
    if($safer_id != $_SESSION['user']){
    
      // Make user a user
      if($_GET['new'] == 'user'){
        query_update("
          UPDATE user
          SET isadmin = 0
          WHERE id = " . $safer_id
        );
      }
      
      // Make user an admin
      else if($_GET['new'] == 'admin'){
        query_update("
          UPDATE user
          SET isadmin = 1
          WHERE id = " . $safer_id
        );
      }
      
    }
  }
}

header('location: ../admin.php');
exit;



?>
